CVE-2018-7364

CRITICAL

ZTE ZXIN10 < resv1.01.44 - Unauthenticated Remote Code Execution via devcomm Process

Title source: llm

Description

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

References (3)

Core 3

Core References

Vendor Advisory

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Exploit, Third Party Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Scores

CVSS v3 9.8

EPSS 0.0348

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (1)

zte/zxin10 < resv1.01.44

Published Dec 07, 2018

Tracked Since Feb 18, 2026